Untriaged
Permalink
CVE-2026-57053
4.0 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
GNU libidn before 1.44 is prone to out-of-bounds reads of …
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
References
Affected products
libidn
- <1.44
Matching in nixpkgs
pkgs.libidn
Library for internationalized domain names
pkgs.libidn2
Free software implementation of IDNA2008 and TR46
pkgs.perlPackages.NetLibIDN2
Perl bindings for GNU Libidn2
pkgs.perl5Packages.NetLibIDN2
Perl bindings for GNU Libidn2
pkgs.perl538Packages.NetLibIDN2
None
pkgs.perl540Packages.NetLibIDN2
None
Package maintainers
-
@fpletz Franz Pletz <fpletz@fnordicwalking.de>